Penetration Testing Execution:
Provide comprehensive web application, IT infrastructure, and application-level testing (including COTS and GOTS software) using defined methodologies.
Vulnerability & Risk Analysis:
Assess security vulnerabilities within operating systems, software, protocols, and networks; evaluate risks and formulate actionable mitigation plans.
Stakeholder Alignment:
Lead and participate in kick-off meetings to define testing requirements, scope, and rules of engagement.
Reporting & Responsible Disclosure:
Write high-quality, structured technical reports in English. Follow the Responsible Disclosure Process for newly detected COTS vulnerabilities with vendors.
Executive Briefings:
Brief stakeholders, technical teams, and high-level leadership (up to flag officer level) on security findings and assessment outcomes.
Agile Sprint Delivery:
Execute tasks and report outcomes within a 1-week sprint framework, tracking activities inside JIRA.
Skill, Knowledge & Experience:
Education & Experience:
Bachelor’s degree in an IT-heavy technical subject with 3 years of post-related experience. Alternatively, 10 years of extensive and progressive penetration testing experience can compensate for a degree.
Core Technical Expertise:
Minimum 3 years of deep experience in web application and infrastructure penetration testing, network security architecture design, and UNIX/Windows system administration.
Tooling & Scripting:
Strong proficiency with industry-recognized penetration testing tools and scripting skills in at least one language (Python, Go, PowerShell, or Shell).
Advanced Security Concepts:
Solid understanding of authentication protocols, cryptography, application security, malware infection techniques, and defensive technologies.
Desirable Certifications:
Professional certifications such as OSCP, OSCE, OSWE, GPEN, CREST Certified Web Application Tester, GXPN, or GWAPT.
Language & Environment:
Thorough proficiency in English is required. Prior experience in an international military/civilian environment or knowledge of NATO structures is highly beneficial.
Security Clearance:
Must possess a valid, active NATO Secret security clearance.
#J-18808-Ljbffr